Intelligence
highVulnerabilityEmerging

Mitsubishi Electric CNC Remote DoS via Out-of-Bounds Read Affects Multiple Industrial Control Series

A remote out-of-bounds read vulnerability in Mitsubishi Electric CNC Series controllers enables denial-of-service attacks. This affects critical industrial manufacturing infrastructure across multiple product lines with varying patch states.

S
Sebastion

Affected

Mitsubishi Electric M800VWMitsubishi Electric M800VSMitsubishi Electric M80VMitsubishi Electric M80VWMitsubishi Electric M800WMitsubishi Electric M800SMitsubishi Electric M80Mitsubishi Electric M80WMitsubishi Electric E80Mitsubishi Electric C80Mitsubishi Electric M750VWMitsubishi Electric M730VWMitsubishi Electric M720VWMitsubishi Electric M750VS

This vulnerability represents a significant risk to industrial manufacturing operations globally. The out-of-bounds read condition can be triggered remotely, meaning attackers do not require physical access or credentials—a critical concern for OT environments with legacy network segmentation. The breadth of affected product lines (M-series, E-series, C-series across multiple generations) suggests the vulnerability likely exists in a shared code base or communication protocol handler across Mitsubishi's CNC platform.

The technical nature of the flaw—out-of-bounds memory access—typically indicates improper input validation on network-received data packets. In CNC controllers, this often relates to protocol parsing for G-code, proprietary Mitsubishi protocols, or industrial communication standards (Ethernet/IP, PROFINET). Successful exploitation causes denial-of-service, meaning affected machines cease operation, potentially halting production lines, delaying manufacturing schedules, and creating secondary safety risks in coordinated multi-machine environments.

The affected firmware versions show a fragmented patch landscape: some series have patch limits (<=BB, <=FM designations suggest version numbering schemes), while others (C80, M750VW, M730VW, M720VW, M750VS) list 'all versions' as vulnerable—indicating no patch is currently available for these models. This creates a problematic scenario where owners of certain CNC controllers cannot immediately remediate.

Defenders should: (1) identify all Mitsubishi CNC controllers in their environment using asset discovery tools; (2) prioritize network segmentation to restrict CNC controller access from untrusted networks; (3) monitor for exploitation attempts via unusual network traffic patterns to these devices; (4) contact Mitsubishi for patch availability and timelines; (5) consider temporary workarounds such as disabling remote access features if operationally feasible. Organizations should also review their incident response procedures for production line stoppages.

The broader implication is concerning: manufacturing represents critical infrastructure, and availability attacks on CNC systems can cascade through supply chains. This vulnerability underscores the maturation of OT-targeting capabilities and the urgency of applying industrial hygiene practices to legacy CNC deployments.

Sources

mitsubishi-electriccncocsdenial-of-serviceout-of-bounds-readindustrial-controlmanufacturing
Back to intelligence